Additional password confirmation in has_secure_password

Is it possible to disable password confirmation in the bcrypt-ruby (has_secure_password) gem?

+3


source to share


3 answers


Change password validation to only work when you create an action.



validates :password, presence: true,
                     length: { minimum: 6 },
                     on: :create

      

+5


source


If you don't want to confirm the password, you simply cannot set the: password_confirmation field and authentication will not run.

Find out more here: https://github.com/rails/rails/pull/5131



Rails 4 edit : Since the introduction of strong parameters, this is no longer relevant. Just remove the confirmation field from the registration form and the parameter will not be passed.

+1


source


has_secure_password

is actually part of the ActiveModel and is not a gem in and of itself. The bcrypt gem is only used for the hash of the password_digest attribute.

The has_secure_password method is actually very short ( source here ) and contains one line requiring password confirmation:

# File activemodel/lib/active_model/secure_password.rb, line 34
  validates_confirmation_of :password
  validates_presence_of     :password_digest

      

So, overriding the has_secure_password method by creating a modified version in your config / initializers folder should work. Commenting out the "validates_confirmation_of" line will disable password confirmation. You can also rewrite the method, of course, to use hash parameters, as you tried to do in your question.

0


source







All Articles